lgtm. This revision intent does not include much details as we discussed, we can find it in ML thread anyway.
Thanks,
Halton.

> -----Original Message-----
> From: Zaman, Imran
> Sent: Thursday, June 26, 2014 5:48 PM
> To: Huo, Halton; Laako, Jussi; Balestrieri, Francesco; [email protected]; Santos, Thiago
> Subject: Intent to implement Tizen SSO WebAPI
>
> Hi
>
> Please find below the details of Tizen SSO WebAPI
>
> Description:
> gSSO or 'glib-Single-Sign-On' is an extensible, secure storage and a single sign-on service. Its password- and authentication-management supports all the common authentication protocols, like OAuth, Digest and SASL out of the box. gSSO is extensible and based on a plug-in architecture. gSSO is for application developers, operating system vendors, and system developers to increase the ease of use and strength of an app or system's security.
> Use case is to have support for OAuth and other authentication methods for web applications. gSSO would also bridge/unify authentication between native and web applications.
> More details can be viewed at https://01.org/gsso
>
> Affected component:
> xwalk extension (https://github.com/crosswalk-project/tizen-extensions-crosswalk)
>
> Spec:
> https://code.google.com/p/accounts-sso/source/browse/widl/signon.widl?repo=libgsignon-glib
>
> Related feature:
> https://crosswalk-project.org/jira/browse/XWALK-1877
>
> Target release:
> Crosswalk 8
>
> Target Platform
> Crosswalk on Tizen
>
> Implementation details:
> - SSO WebAPI extension implementation is to be based on the guidelines on crosswalk website at https://crosswalk-project.org/#documentation/tizen_ivi_extensions/write_an_extension
> - An example is to be added to examples folder under crosswalk extension project and it can be used to verify SSO WebAPIs
>
> BR
> imran
> ________________________________________
> From: Zaman, Imran
> Sent: 25 June 2014 16:23
> To: Huo, Halton; Laako, Jussi; Balestrieri, Francesco; [email protected]; Santos, Thiago
> Subject: RE: [Crosswalk-dev] Intent to implement (RE: WebAPI needed for
> Single Sign on)
>
> Hi
>
> Sure, I will put it tomorrow
>
> BR
> imran
> ________________________________________
> From: Huo, Halton
> Sent: 25 June 2014 05:57
> To: Laako, Jussi; Balestrieri, Francesco; Zaman, Imran; [email protected]; Santos, Thiago
> Subject: RE: [Crosswalk-dev] Intent to implement (RE: WebAPI needed for Single Sign on)
>
> Imran/Jussi,
>
> Many thanks for the responses, is it possible to resubmit the intent with more details? The original is too simple.
>
> Thanks,
> Halton.
>
> From: Laako, Jussi
> Sent: Tuesday, June 24, 2014 7:15 PM
> To: Huo, Halton; Balestrieri, Francesco; Zaman, Imran; [email protected]; Santos, Thiago
> Subject: RE: [Crosswalk-dev] Intent to implement (RE: WebAPI needed for Single Sign on)
>
> 2) Whoever stores the content is by default owner of it and can decide who else can access the information. This is the "creator-owner" model already familiar for example from Windows. It is much like access control on a file system, where user who creates a file defines the ACL. However in this case the owner also gets to define the ways how the information can be used. Other users cannot retrieve the information directly, they can just indirectly use it (through authentication plugins).
>
> 3) Target(s) are (sysctx,appctx) pairs, or wild card (not recommended) like (sysctx,*). So on traditional desktop Linux it could be (/usr/lib/xwalk:some-app_id). On Tizen the sysctx is SMACK label of the process instead of the binary path.
>
> Depending on authentication method, service side may further restrict access scope per application, like in case of OAuth (Google, Facebook, Twitter, etc).
>
> - Jussi
>
> From: Huo, Halton
> Sent: Tuesday, June 24, 2014 10:14 AM
> To: Laako, Jussi; Balestrieri, Francesco; Zaman, Imran; [email protected]; Santos, Thiago
> Subject: RE: [Crosswalk-dev] Intent to implement (RE: WebAPI needed for Single Sign on)
>
> Much clearer now. Some follow-up questions:
>
> 1. Since webapps are started with xwalk-launcher (same binary name), how does gsignond identify a webapp then?
>
> 2. Does the webapp developer decide whether the identity can be shared? If so, how?
>
> 3. Continuing with question 2, can the target be specified? If yes, HOW?
>
> 4. How are the multi-frame cases considered? Background: extensions for multi-frame cases are isolated from each other. Should the SSON be designed per app? Not per frame?
>
> Thanks,
> Halton.
>
> From: Laako, Jussi
> Sent: Tuesday, June 24, 2014 1:12 PM
> To: Huo, Halton; Balestrieri, Francesco; Zaman, Imran; [email protected]; Santos, Thiago
> Subject: RE: [Crosswalk-dev] Intent to implement (RE: WebAPI needed for Single Sign on)
>
> ACL is a list of allowed methods and mechanisms, like ({method1:[mechanism1, mechanism2]},{method2:[mechanism3, mechanism4]},...) and allowed security contexts, like ({sysctx1:appctx1},{sysctx2:appctx2},...)
>
> It is part of the gsignond database structure. Applications can be native or non-native. The security context was extended to a pair specifically to better support runtimes.
>
> For example if Accounts UI stores Identity for your email, it can specify that only Email application can access it and only using SASL method. Overall idea is that 1) application developer doesn't need to implement the authentication protocol, 2) application doesn't need to ever see the user's credential (username+password) while it can still perform authentication with it.
>
> The overall flow is described here: https://01.org/gsso/documentation/functional-view
>
> From: Huo, Halton
> Sent: Monday, June 23, 2014 7:24 PM
> To: Laako, Jussi; Balestrieri, Francesco; Zaman, Imran; [email protected]; Santos, Thiago
> Subject: RE: [Crosswalk-dev] Intent to implement (RE: WebAPI needed for Single Sign on)
>
> > 3) It depends on the used authentication method. The stored item can be shared between applications, based on the ACL defined by the entity who owns it.
>
> What does the ACL look like? And where is the ACL? Here the "applications" are native app or web app or everything? A specific example would help me understand.
>
> Thanks,
> Halton.
>
> From: Laako, Jussi
> Sent: Monday, June 23, 2014 9:21 PM
> To: Huo, Halton; Balestrieri, Francesco; Zaman, Imran; [email protected]; Santos, Thiago
> Subject: RE: [Crosswalk-dev] Intent to implement (RE: WebAPI needed for Single Sign on)
>
> Hi,
>
> 1) libgsignon-glib which in turn has dbus dependency on gsignond (other low level dependencies are glib and sqlite3)
>
> 2) At native code level, there's per-stored-item ACL specifying WHO can access the item and HOW
>
> 3) It depends on the used authentication method. The stored item can be shared between applications, based on the ACL defined by the entity who owns it.
>
> 4) gSSO, so gsignond, libgsignon-glib and signon-ui-efl or signon-ui-gtk. xwalk/HTML5 variant of signon-ui is under construction at the moment.
>
> For the additional questions:
>
> 1) API spec is draft and we are now doing initial implementation for it
>
> 2) Depends on the used signon-ui component, it is some kind of native dialog (efl, gtk or xwalk). Usually system modal, but it depends on the particular UI component design and environment (desktop, mobile, etc).
>
> 3) State change has self and enum of the current state.
> onsignedout and onremoved only pass the self instance.
>
> Best regards,
>
> - Jussi
>
> From: Huo, Halton
> Sent: Thursday, June 19, 2014 5:34 AM
> To: Balestrieri, Francesco; Zaman, Imran; [email protected]; Santos, Thiago
> Cc: Laako, Jussi
> Subject: RE: [Crosswalk-dev] Intent to implement (RE: WebAPI needed for Single Sign on)
>
> > Hi Imran,
> >
> > Sorry for the late response, as Francesco said, this intent is very simple, I do not see much design para for this API. I do have some questions for this API:
> >
> > 1. What are the dependencies? Are the dependencies ready on Tizen?
> > 2. What is the security concern? For e.g. cross-origin scenario.
> > 3. How is the SSO across apps achieved?
> > 4. What test environment needs to be set up?
> >
> > And questions for the spec: https://code.google.com/p/accounts-sso/source/browse/widl/signon.widl?repo=libgsignon-glib&name=devel
> >
> > 1. I saw it is on devel branch? What is the stage of this spec? Does any other vendor implement it?
> > 2. UserPromptPolicy <https://code.google.com/p/accounts-sso/source/browse/widl/signon.widl?repo=libgsignon-glib&name=devel#22>, is the dialog popped up as web prompt or native dialog? Modal or non-modal?
> > 3. AuthSession <https://code.google.com/p/accounts-sso/source/browse/widl/signon.widl?repo=libgsignon-glib&name=devel#66>: What is the data when statechanged is fired? Same question for onsignedout and onremoved in interface Identity.
> >
> > Thanks,
> > Halton.
> >
> > > -----Original Message-----
> > > From: Balestrieri, Francesco
> > > Sent: Wednesday, June 18, 2014 10:53 PM
> > > To: Balestrieri, Francesco; Zaman, Imran; [email protected]; Santos, Thiago; Huo, Halton
> > > Cc: Laako, Jussi
> > > Subject: RE: [Crosswalk-dev] Intent to implement (RE: WebAPI needed for Single Sign on)
> > >
> > > Thiago, Halton, can you LGTM this if OK?
> > > Or raise your objections if you have them.
> > >
> > > Same applies to other owners.
> > >
> > > Francesco
> > >
> > > > -----Original Message-----
> > > > From: Crosswalk-dev [mailto:[email protected]] On Behalf Of Balestrieri, Francesco
> > > > Sent: Tuesday, June 10, 2014 1:44 PM
> > > > To: Zaman, Imran; [email protected]
> > > > Cc: Laako, Jussi
> > > > Subject: [Crosswalk-dev] Intent to implement (RE: WebAPI needed for Single Sign on)
> > > >
> > > > Hi,
> > > >
> > > > this counts as an Intent to implement, Thiago, Halton and others please comment.
> > > >
> > > > Please follow the proper format in the future: https://crosswalk-project.org/#contribute/contributing-code/Declare-your-%22intent-to-implement%22
> > > >
> > > > Francesco
> > > >
> > > > > -----Original Message-----
> > > > > From: Crosswalk-dev [mailto:[email protected]] On Behalf Of Zaman, Imran
> > > > > Sent: Monday, June 09, 2014 11:05 AM
> > > > > To: [email protected]
> > > > > Cc: Laako, Jussi
> > > > > Subject: [Crosswalk-dev] WebAPI needed for Single Sign on
> > > > >
> > > > > Hi!
> > > > >
> > > > > I have started implementation of WebAPI extension on crosswalk for gSSO. Use case is to have support for OAuth and other authentication methods for web applications. gSSO would also bridge/unify authentication between native and web applications.
> > > > > More details can be found at:
> > > > >
> > > > > Crosswalk jira bug is reported at: https://crosswalk-project.org/jira/browse/XWALK-1877
> > > > > Tizen jira bug is documented at: https://bugs.tizen.org/jira/browse/TIVI-2718
> > > > >
> > > > > Widl file can be accessed at: http://code.google.com/p/accounts-sso/source/browse/widl/signon.widl?repo=libgsignon-glib&name=devel
> > > > >
> > > > > BR
> > > > > imran
> > > > > ---------------------------------------------------------------------
> > > > > Intel Finland Oy
> > > > > Registered Address: PL 281, 00181 Helsinki Business Identity Code: 0357606 - 4 Domiciled in Helsinki
> > > > >
> > > > > This e-mail and any attachments may contain confidential material for the sole use of the intended recipient(s). Any review or distribution by others is strictly prohibited. If you are not the intended recipient, please contact the sender and delete all copies.
> > > > >
> > > > > _______________________________________________
> > > > > Crosswalk-dev mailing list
> > > > > [email protected]
> > > > > https://lists.crosswalk-project.org/mailman/listinfo/crosswalk-dev
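
Added example (not part of the thread and not gsignond code): a small Python model of the per-item ACL described in Jussi's replies, where a stored item lists the allowed methods and mechanisms (HOW) and the allowed (sysctx, appctx) pairs (WHO). The class and function names, the app ids, the "PLAIN" mechanism and the exact wildcard matching rule are assumptions made for illustration.

```python
from dataclasses import dataclass

WILDCARD = "*"  # appctx wildcard, written (sysctx,*) in the thread


@dataclass(frozen=True)
class SecurityContext:
    sysctx: str  # binary path on desktop Linux, SMACK label on Tizen
    appctx: str  # application identifier within that system context


@dataclass
class StoredIdentity:
    methods: dict  # HOW: method name -> set of allowed mechanisms
    acl: list      # WHO: SecurityContext entries allowed to use the item


def context_allowed(identity, caller):
    """True if some ACL entry matches the caller's (sysctx, appctx) pair."""
    return any(
        entry.sysctx == caller.sysctx
        and entry.appctx in (WILDCARD, caller.appctx)
        for entry in identity.acl
    )


def may_authenticate(identity, caller, method, mechanism):
    """Both checks must pass: WHO is asking and HOW it wants to authenticate."""
    return (context_allowed(identity, caller)
            and mechanism in identity.methods.get(method, ()))


def wildcard_entries(identity):
    """ACL entries that open the item to every app under one sysctx."""
    return [e for e in identity.acl if e.appctx == WILDCARD]


# Constructed sample data; app ids and the mechanism name are made up.
XWALK = "/usr/lib/xwalk"  # sysctx from the thread's desktop Linux example
EMAIL_APP = SecurityContext(XWALK, "email-app")
OTHER_APP = SecurityContext(XWALK, "other-app")
STRICT = StoredIdentity({"sasl": {"PLAIN"}}, [EMAIL_APP])
LOOSE = StoredIdentity({"sasl": {"PLAIN"}}, [SecurityContext(XWALK, WILDCARD)])

if __name__ == "__main__":
    for name, item in (("strict", STRICT), ("loose", LOOSE)):
        for app in (EMAIL_APP, OTHER_APP):
            ok = may_authenticate(item, app, "sasl", "PLAIN")
            print(name, app.appctx, "allowed" if ok else "denied")
        print(name, "wildcard entries:", len(wildcard_entries(item)))
```

Both sample apps share one sysctx because they run under the same runtime, so only the appctx half of the pair separates them; the wildcard entry removes that separation, which is why wildcard_entries is worth running over stored items.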
